#!/usr/bin/env bash

# https://www.cnblogs.com/tanxiaojuncom/p/11530338.html
openssl genrsa -out local.key 2048
openssl req -new -key local.key -out local.csr
openssl x509 -req -in local.csr -extensions v3_ca -signkey local.key -out local.crt
openssl genrsa -out my_server.key 2048
openssl req -new -key my_server.key -out my_server.csr


:'
server {
  listen       80;
  listen       443 default  ssl;
  server_name  localhost;
  keepalive_timeout 100;

  ssl_certificate      /root/local.crt;
  ssl_certificate_key  /root/local.key;

  ssl_session_cache    shared:SSL:10m;
  ssl_session_timeout  10m;

  ssl_ciphers  HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers  on;

  charset utf-8;
}
'
